Cyber security threats often an inside job

NEW YORK — Insider threats can compromise the cyber security of all types of organizations, according to a security expert.

“You're all the insider threat, whether you know it or not,” said Craig Guiliano, director of threat analytics at Silver Spring, Maryland-based consultant TSC Advantage.

An insider threat is a current or former employee who has authorized access to an organization's network, said Mr. Guiliano during a presentation on how employees' digital footprints can compromise their employers at Business Insurance's seventh annual Risk Management Summit in New York on Tuesday.

He said that more than 70% of breaches are attributed to credentialed insiders.

Insider threats stem from three types of insiders, Mr. Guiliano said: negligent insiders who may be a careless with things like passwords, malicious insiders who tend to strike during periods of “significant personnel actions” such as layoffs, and compromised insiders, whose access has been comprised by an outside attacker.

Adversaries use social engineering through human interaction and social skills to obtain or compromise sensitive data, he said. They conduct intelligence gathering, such as identifying the target's social media presence, and also try to build relationships online, possibly creating false online profiles, he said. The adversaries can use links to low-security profiles as well to get into a system, he said.

“Increasing IT budgets and ignoring the human factor is not the answer,” said Mr. Guiliano. “It's a people problem.”

He said the solution is what he called a “proactive, holistic approach to cyber security that promotes harmonization of technology, processes and people.”